From 8c6d03b7a249ffe85ba2bda09a2a7614c0ff03db Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@kernel.org>
Date: Tue, 7 Apr 2026 20:06:51 -0700
Subject: crypto: Remove michael_mic from crypto_shash API

Remove the "michael_mic" crypto_shash algorithm, since it's no longer
used.  Its only users were wireless drivers, which have now been
converted to use the michael_mic() function instead.

It makes sense that no other users ever appeared: Michael MIC is an
insecure algorithm that is specific to WPA TKIP, which itself was an
interim security solution to replace the broken WEP standard.

Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Link: https://patch.msgid.link/20260408030651.80336-7-ebiggers@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 crypto/Kconfig       |  12 ----
 crypto/Makefile      |   1 -
 crypto/michael_mic.c | 176 ---------------------------------------------------
 crypto/tcrypt.c      |   4 --
 crypto/testmgr.c     |   6 --
 crypto/testmgr.h     |  50 ---------------
 6 files changed, 249 deletions(-)
 delete mode 100644 crypto/michael_mic.c

(limited to 'crypto')

diff --git a/crypto/Kconfig b/crypto/Kconfig
index b4bb85e8e226..769aef52a785 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -916,18 +916,6 @@ config CRYPTO_MD5
 	help
 	  MD5 message digest algorithm (RFC1321), including HMAC support.
 
-config CRYPTO_MICHAEL_MIC
-	tristate "Michael MIC"
-	select CRYPTO_HASH
-	help
-	  Michael MIC (Message Integrity Code) (IEEE 802.11i)
-
-	  Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
-	  known as WPA (Wif-Fi Protected Access).
-
-	  This algorithm is required for TKIP, but it should not be used for
-	  other purposes because of the weakness of the algorithm.
-
 config CRYPTO_RMD160
 	tristate "RIPEMD-160"
 	select CRYPTO_HASH
diff --git a/crypto/Makefile b/crypto/Makefile
index 04e269117589..aa35ba03222f 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -150,7 +150,6 @@ obj-$(CONFIG_CRYPTO_ARIA) += aria_generic.o
 obj-$(CONFIG_CRYPTO_CHACHA20) += chacha.o
 CFLAGS_chacha.o += -DARCH=$(ARCH)
 obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
-obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
 obj-$(CONFIG_CRYPTO_CRC32C) += crc32c-cryptoapi.o
 crc32c-cryptoapi-y := crc32c.o
 obj-$(CONFIG_CRYPTO_CRC32) += crc32-cryptoapi.o
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c
deleted file mode 100644
index 69ad35f524d7..000000000000
--- a/crypto/michael_mic.c
+++ /dev/null
@@ -1,176 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- * Cryptographic API
- *
- * Michael MIC (IEEE 802.11i/TKIP) keyed digest
- *
- * Copyright (c) 2004 Jouni Malinen <j@w1.fi>
- */
-#include <crypto/internal/hash.h>
-#include <linux/unaligned.h>
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/string.h>
-#include <linux/types.h>
-
-
-struct michael_mic_ctx {
-	u32 l, r;
-};
-
-struct michael_mic_desc_ctx {
-	__le32 pending;
-	size_t pending_len;
-
-	u32 l, r;
-};
-
-static inline u32 xswap(u32 val)
-{
-	return ((val & 0x00ff00ff) << 8) | ((val & 0xff00ff00) >> 8);
-}
-
-
-#define michael_block(l, r)	\
-do {				\
-	r ^= rol32(l, 17);	\
-	l += r;			\
-	r ^= xswap(l);		\
-	l += r;			\
-	r ^= rol32(l, 3);	\
-	l += r;			\
-	r ^= ror32(l, 2);	\
-	l += r;			\
-} while (0)
-
-
-static int michael_init(struct shash_desc *desc)
-{
-	struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
-	struct michael_mic_ctx *ctx = crypto_shash_ctx(desc->tfm);
-	mctx->pending_len = 0;
-	mctx->l = ctx->l;
-	mctx->r = ctx->r;
-
-	return 0;
-}
-
-
-static int michael_update(struct shash_desc *desc, const u8 *data,
-			   unsigned int len)
-{
-	struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
-
-	if (mctx->pending_len) {
-		int flen = 4 - mctx->pending_len;
-		if (flen > len)
-			flen = len;
-		memcpy((u8 *)&mctx->pending + mctx->pending_len, data, flen);
-		mctx->pending_len += flen;
-		data += flen;
-		len -= flen;
-
-		if (mctx->pending_len < 4)
-			return 0;
-
-		mctx->l ^= le32_to_cpu(mctx->pending);
-		michael_block(mctx->l, mctx->r);
-		mctx->pending_len = 0;
-	}
-
-	while (len >= 4) {
-		mctx->l ^= get_unaligned_le32(data);
-		michael_block(mctx->l, mctx->r);
-		data += 4;
-		len -= 4;
-	}
-
-	if (len > 0) {
-		mctx->pending_len = len;
-		memcpy(&mctx->pending, data, len);
-	}
-
-	return 0;
-}
-
-
-static int michael_final(struct shash_desc *desc, u8 *out)
-{
-	struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
-	u8 *data = (u8 *)&mctx->pending;
-
-	/* Last block and padding (0x5a, 4..7 x 0) */
-	switch (mctx->pending_len) {
-	case 0:
-		mctx->l ^= 0x5a;
-		break;
-	case 1:
-		mctx->l ^= data[0] | 0x5a00;
-		break;
-	case 2:
-		mctx->l ^= data[0] | (data[1] << 8) | 0x5a0000;
-		break;
-	case 3:
-		mctx->l ^= data[0] | (data[1] << 8) | (data[2] << 16) |
-			0x5a000000;
-		break;
-	}
-	michael_block(mctx->l, mctx->r);
-	/* l ^= 0; */
-	michael_block(mctx->l, mctx->r);
-
-	put_unaligned_le32(mctx->l, out);
-	put_unaligned_le32(mctx->r, out + 4);
-
-	return 0;
-}
-
-
-static int michael_setkey(struct crypto_shash *tfm, const u8 *key,
-			  unsigned int keylen)
-{
-	struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm);
-
-	if (keylen != 8)
-		return -EINVAL;
-
-	mctx->l = get_unaligned_le32(key);
-	mctx->r = get_unaligned_le32(key + 4);
-	return 0;
-}
-
-static struct shash_alg alg = {
-	.digestsize		=	8,
-	.setkey			=	michael_setkey,
-	.init			=	michael_init,
-	.update			=	michael_update,
-	.final			=	michael_final,
-	.descsize		=	sizeof(struct michael_mic_desc_ctx),
-	.base			=	{
-		.cra_name		=	"michael_mic",
-		.cra_driver_name	=	"michael_mic-generic",
-		.cra_blocksize		=	8,
-		.cra_ctxsize		=	sizeof(struct michael_mic_ctx),
-		.cra_module		=	THIS_MODULE,
-	}
-};
-
-static int __init michael_mic_init(void)
-{
-	return crypto_register_shash(&alg);
-}
-
-
-static void __exit michael_mic_exit(void)
-{
-	crypto_unregister_shash(&alg);
-}
-
-
-module_init(michael_mic_init);
-module_exit(michael_mic_exit);
-
-MODULE_LICENSE("GPL v2");
-MODULE_DESCRIPTION("Michael MIC");
-MODULE_AUTHOR("Jouni Malinen <j@w1.fi>");
-MODULE_ALIAS_CRYPTO("michael_mic");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index aded37546137..24f0ccc76796 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1557,10 +1557,6 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
 		ret = min(ret, tcrypt_test("ecb(arc4)"));
 		break;
 
-	case 17:
-		ret = min(ret, tcrypt_test("michael_mic"));
-		break;
-
 	case 18:
 		ret = min(ret, tcrypt_test("crc32c"));
 		break;
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 4985411dedae..d5c38683bf46 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5197,12 +5197,6 @@ static const struct alg_test_desc alg_test_descs[] = {
 		.suite = {
 			.hash = __VECS(md5_tv_template)
 		}
-	}, {
-		.alg = "michael_mic",
-		.test = alg_test_hash,
-		.suite = {
-			.hash = __VECS(michael_mic_tv_template)
-		}
 	}, {
 		.alg = "p1363(ecdsa-nist-p192)",
 		.test = alg_test_null,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1c69c11c0cdb..11911bff5f79 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -32808,56 +32808,6 @@ static const struct comp_testvec lzorle_decomp_tv_template[] = {
 	},
 };
 
-/*
- * Michael MIC test vectors from IEEE 802.11i
- */
-#define MICHAEL_MIC_TEST_VECTORS 6
-
-static const struct hash_testvec michael_mic_tv_template[] = {
-	{
-		.key = "\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ksize = 8,
-		.plaintext = zeroed_string,
-		.psize = 0,
-		.digest = "\x82\x92\x5c\x1c\xa1\xd1\x30\xb8",
-	},
-	{
-		.key = "\x82\x92\x5c\x1c\xa1\xd1\x30\xb8",
-		.ksize = 8,
-		.plaintext = "M",
-		.psize = 1,
-		.digest = "\x43\x47\x21\xca\x40\x63\x9b\x3f",
-	},
-	{
-		.key = "\x43\x47\x21\xca\x40\x63\x9b\x3f",
-		.ksize = 8,
-		.plaintext = "Mi",
-		.psize = 2,
-		.digest = "\xe8\xf9\xbe\xca\xe9\x7e\x5d\x29",
-	},
-	{
-		.key = "\xe8\xf9\xbe\xca\xe9\x7e\x5d\x29",
-		.ksize = 8,
-		.plaintext = "Mic",
-		.psize = 3,
-		.digest = "\x90\x03\x8f\xc6\xcf\x13\xc1\xdb",
-	},
-	{
-		.key = "\x90\x03\x8f\xc6\xcf\x13\xc1\xdb",
-		.ksize = 8,
-		.plaintext = "Mich",
-		.psize = 4,
-		.digest = "\xd5\x5e\x10\x05\x10\x12\x89\x86",
-	},
-	{
-		.key = "\xd5\x5e\x10\x05\x10\x12\x89\x86",
-		.ksize = 8,
-		.plaintext = "Michael",
-		.psize = 7,
-		.digest = "\x0a\x94\x2b\x12\x4e\xca\xa5\x46",
-	}
-};
-
 /*
  * CRC32 test vectors
  */
-- 
cgit v1.2.3